POLICY-SOCIAL -- Snort has detected a violation of the corporate policy. Similar to an IOC, this activity may not be directly malicious, but could be a symptom of compromise, or of a misuse of the network. Examples are cryptocurrency mining and trade (Bitcoin, et al.). The ISP won't block these, but corporate policies likely prohibit them. In this case, Snort has detected a violation of social media policy. Some companies choose to disallow some or all social media, or to only allow in-network social sharing. This can prevent simple productivity loss or serious NDA breaches (sharing of files from the internal network, etc.).
POLICY-SOCIAL IRC K-line active
This event is generated when network traffic indicates that POLICY-SOCIAL IRC K-line active is being used.
Possible policy violation. The use of POLICY-SOCIAL IRC K-line active may be prohibited by corporate policy in some network environments.
This event indicates that POLICY-SOCIAL IRC K-line active is being used on the protected network.
Ease of Attack:
What To Look For
No public information
No known false positives
MITRE ATT&CK Framework
For reference, see the MITRE ATT&CK vulnerability types here:
CVE Additional Information